QID 317006
Date Published: 2021-08-19
QID 317006: Cisco Adaptive Security Appliance (ASA) Software VPN SAML Authentication Bypass Vulnerability (cisco-sa-20190501-asaftd-saml-vpn)
A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN)
and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software
could allow an unauthenticated, remote attacker to successfully establish a VPN session to an affected device.
Affected Products
Cisco products running Cisco ASA Software Release 9.7.1 or later that are configured for SAML 2.0-based SSO
for Clientless SSL VPN (WebVPN) or AnyConnect Remote Access VPN, on the following platforms:
3000 Series Industrial Security Appliances (ISAs)
Adaptive Security Appliance (ASA) 5500-X Series Firewalls
ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
Adaptive Security Virtual Appliance (ASAv)
QID Detection Logic (Authenticated):
The check matches the Cisco ASA OS version retrieved over Unix authentication using the "version" command.
It then checks for a vulnerable configuration: a SAML 2.0 Identity Provider (IdP) or SAML 2.0 Service Provider (SP) in use by AnyConnect Remote Access VPN or Clientless SSL VPN (WebVPN).
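The detection logic above, worked as an added example (this is not Qualys's QID code or Cisco's): parse the release from "show version" output, then look for SAML in the running configuration. The `saml idp` and `authentication saml` config keywords and the sample device output are assumptions constructed for the example; only the "9.7.1 or later" start of the affected range is on this page, so the function reports "potentially vulnerable" rather than applying fixed-release thresholds the page does not give.

```python
import re

# Constructed "show version" output and running-config fragment (not from a real device).
SAMPLE_VERSION = (
    "Cisco Adaptive Security Appliance Software Version 9.8(2)12\n"
    "Device Manager Version 7.8(2)\n"
)
SAMPLE_CONFIG = """
webvpn
 enable outside
 saml idp https://idp.example.test/saml
  url sign-in https://idp.example.test/sso
tunnel-group SAML-RA type remote-access
tunnel-group SAML-RA webvpn-attributes
 authentication saml
"""

# Start of the affected range per the QID text; fixed releases are not on this page.
AFFECTED_FROM = (9, 7, 1)


def parse_asa_version(show_version: str):
    """Return (major, minor, maintenance) from ASA 'show version' output, or None if absent."""
    m = re.search(r"Software Version (\d+)\.(\d+)\((\d+)\)", show_version)
    return tuple(int(x) for x in m.groups()) if m else None


def saml_configured(config: str) -> bool:
    """True when a SAML IdP is defined under webvpn and a tunnel-group authenticates via SAML.
    Keyword syntax is an assumption for this example."""
    has_idp = re.search(r"^\s*saml idp \S+", config, re.M) is not None
    has_saml_auth = re.search(r"^\s*authentication saml\b", config, re.M) is not None
    return has_idp and has_saml_auth


def assess(show_version: str, config: str) -> str:
    """Combine the version match with the configuration check, as the QID logic does."""
    ver = parse_asa_version(show_version)
    if ver is None:
        return "unknown"
    if ver < AFFECTED_FROM:
        return "not affected"
    return "potentially vulnerable" if saml_configured(config) else "not affected"
```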
A successful exploit could allow the attacker to connect to secured networks behind the affected device.
Customers are advised to refer to cisco-sa-20190501-asaftd-saml-vpn for more information.
- cisco-sa-20190501-asaftd-saml-vpn: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn
CVEs related to QID 317006
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| cisco-sa-20190501-asaftd-saml-vpn | Cisco ASA Software | SAML 2.0 SSO for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN | tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-asaftd-saml-vpn |